Heads up, WhatsApp customers! It’s time to replace WhatsApp in your units as the newest model addresses two extreme safety flaws. Exploiting the vulnerabilities might enable an adversary to carry out RCE assaults and take management of WhatsApp messenger.
WhatsApp RCE Vulnerabilities Fastened In September
In a current put up, Malwarebytes elaborated on WhatsApp’s September replace that addresses two main vulnerabilities.
As described, each vulnerabilities might enable distant code execution assaults on the goal units, exposing the sufferer’s WhatsApp information.
Particularly, the primary of those, CVE-2022-36934, is an integer overflow permitting RCE assaults throughout a WhatsApp video name. The flaw existed within the Video Name Handler part that allowed the adversary to take management of an ongoing video name and your entire messenger app.
The second vulnerability, CVE-2022-27492, can be a associated one, however it didn’t have an effect on video calls, as a substitute, the video information. Particularly, it affected the Video File Handler part, permitting an attacker to set off reminiscence corruption by malicious unknown inputs. Merely put, sending a maliciously crafted video file might let the attacker set off the flaw and achieve distant code execution entry on the goal system.
WhatsApp confirmed patching the vulnerabilities with the September replace for its customers throughout varied units, by way of an advisory. Notably, the service launched the fixes with WhatsApp v2.22.16.12 for Android, Enterprise for Android, iOS, and Enterprise for iOS apps.
Because the vulnerabilities at the moment are identified, customers should guarantee to replace their units with the newest WhatsApp releases, if haven’t finished already. Particularly, given the excessive safety dangers to WhatsApp customers concerning distant hacking assaults and spying, holding the app updated is inevitable.
These two vulnerabilities prolong the record of WhatsApp vulnerabilities fastened this 12 months to 4. However it’s been some time because the tech large launched such an replace because the earlier WhatsApp replace arrived in February 2022 with WhatsApp v2.21.23.2. Whereas the primary safety repair for the 12 months had arrived with the January replace.
Tell us your ideas within the feedback.
